R. F. DeMara and A. J. Rocke,
"Mitigation of Network Tampering Using Dynamic Dispatch of Mobile Agents,"
Computers and Security, Vol. 23, No. 1, February, 2004, pp. 31 - 42.

Abstract:
Detection of malicious activity by insiders, people with legitimate access to 
resources and services, is particularly difficult in a network environment. In 
this paper, a novel classification of tampering modes is identified that can be 
undertaken by insiders against network Intrusion Detection Systems (IDSs). Five 
categories of tampering modes are defined as spoofing, termination, sidetracking, 
alteration of internal data, and selective deception. These are further 
distinguished specifically toward IDS sensor, control, and alarm categories such 
as spoonfeeding, sugarcoating, and scapegoating. The Collaborative Object 
Notification Framework for Insider Defense using Autonomous Network Transactions, 
or CONFIDANT, uses distributed mobile agents to mitigate these tampering 
exposures. CONFIDANT employs techniques such as encapsulation, redundancy, 
scrambling, and mandatory obsolescence. This paper describes how these 
mitigation techniques are applied within the CONFIDANT framework. The approach 
focuses on evaluating file integrity through the use of dynamically dispatched 
mobile agents.